Noah Misch discovered a race condition in the pg_dump tool included in
PostgreSQL, which may result in privilege escalation.
Category Archives: Advisories
USN-6951-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– M68K architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Accessibility subsystem;
– Character device driver;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Hardware crypto device drivers;
– Buffer Sharing and Synchronization framework;
– FireWire subsystem;
– GPU drivers;
– HW tracing;
– Macintosh device drivers;
– Multiple devices driver;
– Media drivers;
– Network drivers;
– Pin controllers subsystem;
– S/390 drivers;
– SCSI drivers;
– SoundWire subsystem;
– Greybus lights staging drivers;
– TTY drivers;
– Framebuffer layer;
– Virtio drivers;
– 9P distributed file system;
– eCrypt file system;
– EROFS file system;
– Ext4 file system;
– F2FS file system;
– JFFS2 file system;
– Network file system client;
– NILFS2 file system;
– SMB network file system;
– Kernel debugger infrastructure;
– IRQ subsystem;
– Tracing infrastructure;
– Dynamic debug library;
– 9P file system network protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– NET/ROM layer;
– NFC subsystem;
– NSH protocol;
– Open vSwitch;
– Phonet protocol;
– TIPC protocol;
– Unix domain sockets;
– Wireless networking;
– eXpress Data Path;
– XFRM subsystem;
– ALSA framework;
(CVE-2024-36934, CVE-2024-38578, CVE-2024-38600, CVE-2024-27399,
CVE-2024-39276, CVE-2024-38596, CVE-2024-36933, CVE-2024-36919,
CVE-2024-35976, CVE-2024-37356, CVE-2023-52585, CVE-2024-38558,
CVE-2024-38560, CVE-2024-38634, CVE-2024-36959, CVE-2024-38633,
CVE-2024-36886, CVE-2024-27398, CVE-2024-39493, CVE-2024-26886,
CVE-2024-31076, CVE-2024-38559, CVE-2024-38615, CVE-2024-36971,
CVE-2024-38627, CVE-2024-36964, CVE-2024-38780, CVE-2024-37353,
CVE-2024-38621, CVE-2024-36883, CVE-2024-39488, CVE-2024-38661,
CVE-2024-36939, CVE-2024-38589, CVE-2024-38565, CVE-2024-38381,
CVE-2024-35947, CVE-2024-36905, CVE-2022-48772, CVE-2024-36017,
CVE-2024-36946, CVE-2024-27401, CVE-2024-38579, CVE-2024-38612,
CVE-2024-38598, CVE-2024-38635, CVE-2024-38587, CVE-2024-38567,
CVE-2024-38549, CVE-2024-36960, CVE-2023-52752, CVE-2024-27019,
CVE-2024-38601, CVE-2024-39489, CVE-2024-39467, CVE-2023-52882,
CVE-2024-38583, CVE-2024-39480, CVE-2024-38607, CVE-2024-36940,
CVE-2024-38659, CVE-2023-52434, CVE-2024-36015, CVE-2024-38582,
CVE-2024-36950, CVE-2024-38552, CVE-2024-33621, CVE-2024-36954,
CVE-2024-39475, CVE-2024-39301, CVE-2024-38599, CVE-2024-36902,
CVE-2024-36286, CVE-2024-38613, CVE-2024-38637, CVE-2024-36941,
CVE-2024-36014, CVE-2024-38618, CVE-2024-36904, CVE-2024-36270,
CVE-2024-39292, CVE-2024-39471, CVE-2022-48674)
USN-6950-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– Block layer subsystem;
– Bluetooth drivers;
– Clock framework and drivers;
– FireWire subsystem;
– GPU drivers;
– InfiniBand drivers;
– Multiple devices driver;
– EEPROM drivers;
– Network drivers;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– 9P distributed file system;
– Network file system client;
– SMB network file system;
– Socket messages infrastructure;
– Dynamic debug library;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Multipath TCP;
– NSH protocol;
– Phonet protocol;
– TIPC protocol;
– Wireless networking;
– Key management;
– ALSA framework;
– HD-audio driver;
(CVE-2024-36883, CVE-2024-36940, CVE-2024-36902, CVE-2024-36975,
CVE-2024-36964, CVE-2024-36938, CVE-2024-36931, CVE-2024-35848,
CVE-2024-26900, CVE-2024-36967, CVE-2024-36904, CVE-2024-27398,
CVE-2024-36031, CVE-2023-52585, CVE-2024-36886, CVE-2024-36937,
CVE-2024-36954, CVE-2024-36916, CVE-2024-36905, CVE-2024-36959,
CVE-2024-26980, CVE-2024-26936, CVE-2024-36928, CVE-2024-36889,
CVE-2024-36929, CVE-2024-36933, CVE-2024-27399, CVE-2024-36946,
CVE-2024-36906, CVE-2024-36965, CVE-2024-36957, CVE-2024-36941,
CVE-2024-36897, CVE-2024-36952, CVE-2024-36947, CVE-2024-36950,
CVE-2024-36880, CVE-2024-36017, CVE-2023-52882, CVE-2024-36969,
CVE-2024-38600, CVE-2024-36955, CVE-2024-36960, CVE-2024-27401,
CVE-2024-36919, CVE-2024-36934, CVE-2024-35947, CVE-2024-36953,
CVE-2024-36944, CVE-2024-36939)
USN-6949-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– M68K architecture;
– OpenRISC architecture;
– PowerPC architecture;
– RISC-V architecture;
– x86 architecture;
– Block layer subsystem;
– Accessibility subsystem;
– Bluetooth drivers;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Hardware crypto device drivers;
– DMA engine subsystem;
– DPLL subsystem;
– FireWire subsystem;
– EFI core;
– Qualcomm firmware drivers;
– GPIO subsystem;
– GPU drivers;
– Microsoft Hyper-V drivers;
– InfiniBand drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– Macintosh device drivers;
– Multiple devices driver;
– Media drivers;
– EEPROM drivers;
– MMC subsystem;
– Network drivers;
– STMicroelectronics network drivers;
– Device tree and open firmware driver;
– HiSilicon SoC PMU drivers;
– PHY drivers;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– SPI subsystem;
– Media staging drivers;
– Thermal drivers;
– Userspace I/O drivers;
– USB subsystem;
– DesignWare USB3 driver;
– ACRN Hypervisor Service Module driver;
– Virtio drivers;
– 9P distributed file system;
– BTRFS file system;
– eCrypt file system;
– EROFS file system;
– File systems infrastructure;
– GFS2 file system;
– JFFS2 file system;
– Network file systems library;
– Network file system client;
– Network file system server daemon;
– NILFS2 file system;
– Proc file system;
– SMB network file system;
– Tracing file system;
– Mellanox drivers;
– Memory management;
– Socket messages infrastructure;
– Slab allocator;
– Tracing infrastructure;
– User-space API (UAPI);
– Core kernel;
– BPF subsystem;
– DMA mapping infrastructure;
– RCU subsystem;
– Dynamic debug library;
– KUnit library;
– Maple Tree data structure library;
– Heterogeneous memory management;
– Amateur Radio drivers;
– Bluetooth subsystem;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Multipath TCP;
– Netfilter;
– NET/ROM layer;
– NFC subsystem;
– NSH protocol;
– Open vSwitch;
– Phonet protocol;
– SMC sockets;
– TIPC protocol;
– Unix domain sockets;
– Wireless networking;
– Key management;
– ALSA framework;
– HD-audio driver;
– Kirkwood ASoC drivers;
– MediaTek ASoC drivers;
(CVE-2024-36006, CVE-2024-36922, CVE-2024-38567, CVE-2024-38584,
CVE-2024-36923, CVE-2024-36892, CVE-2024-35855, CVE-2024-35853,
CVE-2024-38562, CVE-2024-36920, CVE-2024-38543, CVE-2024-38576,
CVE-2024-38572, CVE-2024-36898, CVE-2024-38560, CVE-2024-36004,
CVE-2024-36956, CVE-2024-36881, CVE-2024-36977, CVE-2024-36955,
CVE-2024-36906, CVE-2024-36013, CVE-2024-36884, CVE-2024-38563,
CVE-2024-36966, CVE-2024-38547, CVE-2024-38594, CVE-2024-36926,
CVE-2024-38587, CVE-2024-38566, CVE-2024-27400, CVE-2024-36941,
CVE-2024-36017, CVE-2024-38544, CVE-2024-36899, CVE-2024-35851,
CVE-2024-38577, CVE-2024-38590, CVE-2024-38568, CVE-2024-38559,
CVE-2024-38611, CVE-2024-36887, CVE-2024-36886, CVE-2024-35996,
CVE-2024-38612, CVE-2024-36925, CVE-2024-38586, CVE-2024-38596,
CVE-2024-36932, CVE-2024-39482, CVE-2024-38585, CVE-2024-36033,
CVE-2024-38614, CVE-2024-35852, CVE-2024-36908, CVE-2024-36939,
CVE-2024-36963, CVE-2024-27401, CVE-2024-36029, CVE-2024-38540,
CVE-2024-38565, CVE-2024-36927, CVE-2024-36910, CVE-2024-42134,
CVE-2024-36888, CVE-2024-35859, CVE-2024-36911, CVE-2024-35947,
CVE-2024-36940, CVE-2024-36921, CVE-2024-36913, CVE-2024-36943,
CVE-2024-35986, CVE-2024-38616, CVE-2024-36900, CVE-2024-36954,
CVE-2024-36915, CVE-2024-38602, CVE-2024-41011, CVE-2024-35991,
CVE-2024-36909, CVE-2024-38603, CVE-2023-52882, CVE-2024-36953,
CVE-2024-38599, CVE-2024-38574, CVE-2024-36967, CVE-2024-36895,
CVE-2024-36003, CVE-2024-36961, CVE-2024-38545, CVE-2024-38538,
CVE-2024-36001, CVE-2024-36912, CVE-2024-36952, CVE-2024-38550,
CVE-2024-38570, CVE-2024-36969, CVE-2024-38595, CVE-2024-35849,
CVE-2024-36936, CVE-2024-35949, CVE-2024-36009, CVE-2024-35987,
CVE-2024-38541, CVE-2024-38564, CVE-2024-36032, CVE-2024-38615,
CVE-2024-36960, CVE-2024-36934, CVE-2024-36951, CVE-2024-35999,
CVE-2024-38551, CVE-2024-36903, CVE-2024-36931, CVE-2024-38593,
CVE-2024-36938, CVE-2024-38607, CVE-2024-36928, CVE-2024-38552,
CVE-2024-36002, CVE-2024-38605, CVE-2024-38582, CVE-2024-36933,
CVE-2024-38620, CVE-2024-27395, CVE-2024-27396, CVE-2024-36012,
CVE-2024-38591, CVE-2024-38597, CVE-2024-36889, CVE-2024-36964,
CVE-2024-38606, CVE-2024-38553, CVE-2024-36945, CVE-2024-35848,
CVE-2024-36962, CVE-2024-36947, CVE-2024-27399, CVE-2024-38546,
CVE-2024-38583, CVE-2024-38573, CVE-2024-35850, CVE-2024-38549,
CVE-2024-38588, CVE-2024-38610, CVE-2024-36917, CVE-2024-36957,
CVE-2024-35846, CVE-2024-38579, CVE-2024-36965, CVE-2024-35857,
CVE-2024-38548, CVE-2024-36975, CVE-2024-36919, CVE-2024-38542,
CVE-2024-36948, CVE-2024-36011, CVE-2024-38556, CVE-2024-36897,
CVE-2024-38557, CVE-2024-36890, CVE-2024-36882, CVE-2024-38613,
CVE-2024-36914, CVE-2024-35998, CVE-2024-36958, CVE-2024-38580,
CVE-2024-36896, CVE-2024-36891, CVE-2024-36924, CVE-2024-38589,
CVE-2024-38592, CVE-2024-36904, CVE-2024-36894, CVE-2024-36028,
CVE-2024-36014, CVE-2024-36880, CVE-2024-36944, CVE-2024-38598,
CVE-2024-36929, CVE-2024-36883, CVE-2024-35858, CVE-2024-38555,
CVE-2024-36005, CVE-2024-38539, CVE-2024-35994, CVE-2024-36030,
CVE-2024-27394, CVE-2024-36930, CVE-2024-36937, CVE-2024-38561,
CVE-2024-38578, CVE-2024-36959, CVE-2024-36935, CVE-2024-36916,
CVE-2024-36902, CVE-2024-38604, CVE-2024-38554, CVE-2024-38575,
CVE-2024-36918, CVE-2024-36979, CVE-2024-35854, CVE-2024-36968,
CVE-2024-38558, CVE-2024-36000, CVE-2024-27398, CVE-2024-35983,
CVE-2024-36949, CVE-2024-38600, CVE-2024-36950, CVE-2024-36946,
CVE-2024-36031, CVE-2024-35847, CVE-2024-36905, CVE-2024-38571,
CVE-2024-36007, CVE-2024-35856, CVE-2024-38601, CVE-2024-38569,
CVE-2024-38617, CVE-2024-35988, CVE-2024-35989, CVE-2024-35993,
CVE-2024-36893, CVE-2024-36901)
USN-6948-1: Salt vulnerabilities
It was discovered that Salt incorrectly handled crafted web requests.
A remote attacker could possibly use this issue to run arbitrary
commands. (CVE-2020-16846)
It was discovered that Salt incorrectly created certificates with weak
file permissions. (CVE-2020-17490)
It was discovered that Salt incorrectly handled credential validation.
A remote attacker could possibly use this issue to bypass authentication.
(CVE-2020-25592)
It was discovered that Salt incorrectly handled crafted process names.
An attacker could possibly use this issue to run arbitrary commands.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28243)
It was discovered that Salt incorrectly handled validation of SSL/TLS
certificates. A remote attacker could possibly use this issue to spoof
a trusted entity. (CVE-2020-28972, CVE-2020-35662)
It was discovered that Salt incorrectly handled credential validation.
A remote attacker could possibly use this issue to run arbitrary code.
(CVE-2021-25281)
It was discovered that Salt incorrectly handled crafted paths. A remote
attacker could possibly use this issue to perform directory traversal.
(CVE-2021-25282)
It was discovered that Salt incorrectly handled template rendering. A
remote attacker could possibly this issue to run arbitrary code.
(CVE-2021-25283)
It was discovered that Salt incorrectly handled logging. An attacker
could possibly use this issue to discover credentials. This issue only
affected Ubuntu 18.04 LTS. (CVE-2021-25284)
It was discovered that Salt incorrectly handled crafted web requests.
A remote attacker could possibly use this issue to run arbitrary
commands. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3148)
It was discovered that Salt incorrectly handled input sanitization.
A remote attacker could possibly use this issue to run arbitrary
commands. (CVE-2021-3197)
python3.12-3.12.5-1.fc41
FEDORA-2024-750bcd7d5c
Packages in this update:
python3.12-3.12.5-1.fc41
Update description:
Automatic update for python3.12-3.12.5-1.fc41.
Changelog
* Wed Aug 7 2024 Tomáš Hrnčiar <thrnciar@redhat.com> – 3.12.5-1
– Update to 3.12.5
– Fixes: rhbz#2303159 (email header injection)
tinyproxy-1.11.2-2.el10_0
FEDORA-EPEL-2024-81aea1f9b6
Packages in this update:
tinyproxy-1.11.2-2.el10_0
Update description:
Automatic update for tinyproxy-1.11.2-2.el10_0.
Changelog
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> – 1.11.2-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jul 16 2024 Carl George <carlwgeorge@fedoraproject.org> – 1.11.2-1
– Update to version 1.11.2 rhbz#2298298
– Fixes CVE-2023-49606 rhbz#2278396
* Wed Feb 14 2024 Carl George <carlwgeorge@fedoraproject.org> – 1.11.1-1
– Update to version 1.11.1 rhbz#2220885
– Switch to SPDX license identifier and mark license file appropriately
– Use upstream default config file with minimal changes
– Log to journal instead of files
– Run daemon in foreground to remove the need for pidfile tracking
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> – 1.10.0-14
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> – 1.10.0-13
– Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> – 1.10.0-12
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 1.10.0-11
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
ZDI-24-1122: Apple macOS VideoToolbox Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.1. The following CVEs are assigned: CVE-2024-27829.
ZDI-24-1121: Apple macOS VideoToolbox Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-27829.
ZDI-24-1120: Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-27829.